the original ssh client:
ssh -L 127.0.0.1:0:127.0.0.1:3000 mailgw
Bad local forwarding specification '127.0.0.1:0:127.0.0.1:3000'
the patched ssh client:
./ssh -L 127.0.0.1:0:127.0.0.1:3000 mailgw
Last login: Wed Jan 19 16:00:40 2011 from
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
the result:
tcp 0 0 127.0.0.1:38412 0.0.0.0:* LISTEN 15010/ssh
note the "0" port specification in the fwd arg.
here is a link to the patch generated against ubuntu openssh 5.5p1 source package. the same patch can be easily rewritten for the openssh original source tree (openbsd) if the mux.c diff is ignored (no unneeded test from bsd guys)
a few notes
1. getting the next available port with a script and feeding it to the ssh args immediately afterwards does not guarantee at all that the port will still be available when ssh binds to it
2. how are you going to dig what port was used? see above
3. I failed to understand this:
if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
why should random listen ports be allowed for remote forwards (-R) and not for local forwards / dynamic forwards? it just doesn't make any sense.
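notes 1 and 2 as an added example in C (not part of the original post and not the OpenSSH patch): binding to port 0 and reading the port back with getsockname() is atomic, while probing for a free port and binding it later can fail. the names listen_loopback and probe_then_bind are hypothetical, and the competing listener is simulated inside the same process.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on 127.0.0.1:port; 0 lets the kernel pick a free port at bind time.
 * Returns the fd (or -1, errno set); *bound is the port actually in use. */
int listen_loopback(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    socklen_t len = sizeof(sa);
    int saved, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        saved = errno; close(fd); errno = saved;
        return -1;
    }
    *bound = ntohs(sa.sin_port);   /* note 2: ask the socket which port it got */
    return fd;
}

/* Note 1 in one process: a helper finds a free port and releases it, another
 * listener binds it in the gap. Returns the late bind's errno (0 = success). */
int probe_then_bind(void)
{
    unsigned short port, tmp;
    int late, err, other, probe = listen_loopback(0, &port);
    if (probe < 0) return -1;
    close(probe);                                /* helper script exits */
    if ((other = listen_loopback(port, &tmp)) < 0) return -1;
    late = listen_loopback(port, &tmp);          /* what ssh would attempt */
    err = late < 0 ? errno : 0;
    if (late >= 0) close(late);
    close(other);
    return err;
}

int main(void)
{
    unsigned short port = 0;
    if (listen_loopback(0, &port) < 0) return 1;
    printf("port 0 bound 127.0.0.1:%u; probe-then-bind: %s\n",
           (unsigned)port, strerror(probe_then_bind()));
    return 0;
}
```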